Just a note that more vulnerabilities have been discovered that will require another round of patching. Infoblox have released a new version of NIOS to address these and other vendors are publishing patches as I write this. The CVE’s are summarised below: CVE–2016–2088: A response containing multiple DNS cookies causes servers with cookie support enabled […]
CVE-2016-1285, CVE-2016-1286 and CVE-2016-2088 vulnerabilities
CVE-2015-5477: Sorry, you will need to patch if you’re running BIND!
We don’t normally get too involved with discussing or publishing details about bugs and patches for BIND, however due to the severity of CVE-2015-5477, it has prompted a couple of customers to email me directly who I think just wanted a second opinion. Basically, yes, you do have to patch BIND! Unfortunately, the news from […]
Calleva Networks launches free DNS malware assessment
More and more malware is using DNS not only to contact command-and-control servers but as a data exfiltration mechanism that can see your valuable and precious data “leaking” out from the confines of your organisation. DNS is normally left relatively unsecured compared to other protocols because so many applications and servers depend upon it. Through […]
Is DANE DNSSEC’s killer app?
DANE has been around for a few years now but still seems to be a bit of an underground topic. It hardly ever crops up in conversations I have with prospects and the fact it is reliant on DNSSEC, which takes a serious commitment to implement, makes me wonder if this is just another good […]